git.baikalelectronics.ru Git - kernel.git/commit

]> git.baikalelectronics.ru Git - kernel.git/commit

author	Al Viro <viro@zeniv.linux.org.uk>
	Fri, 16 Dec 2016 18:42:06 +0000 (13:42 -0500)
committer	Al Viro <viro@zeniv.linux.org.uk>
	Fri, 23 Dec 2016 04:03:42 +0000 (23:03 -0500)
commit	d9a8f0d66db0b8f98427d0673ff12962cdf3c6f3
tree	025d426075681b9904895045929e322429b8a251	tree \| snapshot
parent	80b8dd097475fd4119a3a3773eb44b56c0a742a7	commit \| diff

sg_write()/bsg_write() is not fit to be called under KERNEL_DS

Both damn things interpret userland pointers embedded into the payload;
worse, they are actually traversing those. Leaving aside the bad
API design, this is very much _not_ safe to call with KERNEL_DS.
Bail out early if that happens.

Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

block/bsg.c		diff \| blob \| history
drivers/scsi/sg.c		diff \| blob \| history

Linux Kernel Source Tree.

RSS Atom